What is GHSA-cjr4-fwc8-qf28?

GHSA-cjr4-fwc8-qf28 is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free...

Which CVE IDs does GHSA-cjr4-fwc8-qf28 cover?

GHSA-cjr4-fwc8-qf28 covers the following CVE IDs: CVE-2026-43481. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-cjr4-fwc8-qf28?

GHSA-cjr4-fwc8-qf28 has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-cjr4-fwc8-qf28HighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free...

Vendor

GitHub Security Advisories

Published

May 13, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-43481 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice. Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-43481
https://git.kernel.org/stable/c/57885276cc16a2e2b76282c808a4e84cbecb3aae
https://git.kernel.org/stable/c/83f7b54242d0abbfce35a55c01322f50962ed3ee
https://git.kernel.org/stable/c/8738dcc844fff7d0157ee775230e95df3b1884d7
https://github.com/advisories/GHSA-cjr4-fwc8-qf28